When sensitive information is to be exchanged between transceiving stations, the originating station will be concerned that the information can be intercepted by an intentional act of an unauthorized party as the information travels over a communication medium between the stations, or that the message may inadvertently be received by an unauthorized receiving station.
Similar concerns arise when a party at a computer system located at a first station requests access to sensitive data files stored in a computer system located at a second station. In order to protect the files from unauthorized disclosure, the second station will be concerned whether the requesting party is authorized to access the files, and if authorized whether the information may be copied by a third party during transmission between stations.
The most widely accepted method of information protection over networks is the use of encryption, where the sending and receiving parties must share an encryption key to encrypt and decrypt the information being exchanged. In such systems, authentication is typically performed through cleartext exchanges, and the encryption keys that are used are changed infrequently as person-to-person exchanges are the only means to ensure that the encryption key can be shared without risking public exposure. As a result, valuable information and time are made available to an attacker who desires to discover the encryption key and gain access to all encrypted information which is exchanged over the networks.
Prior authentication and encryption systems are disclosed in U.S. Pat. Nos. 5,060,263; 5,065,429; 5,068,894; 5,153,919; 5,355,413; 5,361,062; 5,474,758; and 5,495,533. U.S. Pat. No. 5,060,263 employs a reversible encryption algorithm, conducts all exchanges between the host and client in cleartext, and provides only unilateral authentication. U.S. Pat. No. 5,065,429 provides only unilateral authentication, and stores its encryption keys on the storage medium where they would be accessible to any attacker reading the medium. U.S. Pat. No. 5,068,894 employs a reversible encryption algorithm which is never changed, and makes both cleartext challenges and encrypted responses available to an attacker. U.S. Pat. No. 5,153,919 provides useful cleartext information for an attacker in exchanges between stations, uses weak encryption algorithms to avoid latency problems, and does not provide for secure activation of the token as anyone who possesses it may use it. U.S. Pat. No. 5,355,413 encrypts a random challenge, but does not encrypt information exchanged between host and client. U.S. Pat. No. 5,361,062 exchanges information between host and client in cleartext, uses a reversible encryption algorithm, provides only unilateral authentication, triggers encryption iterations as a function of time which contributes to computer overhead and system latency, and requires a resynchronization protocol to keep token and host in sync. U.S. Pat. No. 5,474,758 provides only unilateral authentication, and depends upon the users ability to hide the storage of its certificate of authenticity. U.S. Pat. No. 5,495,533 provides only unilateral authentication, incurs a high network overhead contributing to latency, and depends upon a key directory which is susceptible to attacker intrusions.
Additional prior authentication systems are disclosed in U.S. Pat. Nos. 5,233,655; 5,367,572; 5,421,006; and 5,481,611. U.S. Pat. No. 5,233,655 provides only unilateral authentication, and does not provide any encryption of information that is being exchanged. U.S. Pat. No. 5,367,572 provides only unilateral authentication, requires a resynchronization protocol to keep the host and client in sync, and transmits all information exchanges in cleartext. U.S. Pat. No. 5,421,006 provides only unilateral authentication, and operates in a windowed environment which contributes substantially to CPU overhead and thus system latency. U.S. Pat. No. 5,481,611 provides only unilateral authentication, and conducts all information exchanges in cleartext. U.S. Pat. No. 5,309,516 requires that a key directory be stored.
None of the above prior art references disclose the use of dual many-to-few bit-mapping in generating a deterministic, non-predictable, and symmetric encryption key as used in the present invention.
In addition to the above disclosures, the use of secure hash algorithms (SHA) is disclosed in FIPS Pub. 180-1, Secure Hash Standard (Apr. 17, 1995); and token system security requirements are described in FIPS Pub. 140-1, Security Requirements For Cryptographic Modules (Jan. 11, 1994).
The present invention provides a combination of authentication and encryption in which parameters including system passwords, encryption keys, and change values that are used to alter a dynamic secret to produce new, pseudo-random system passwords and encryption keys, are used during only a single system connection before being replaced with new parameters having no known relationship with their previous counterparts, and both the originating system and the answering system in a network exchange independently generated passwords through use of an encryption key generator which employs bit-shuffling, many-to-few bit-mapping and secure hash processing to produce such parameters in a manner which is highly resistant to any attempt to discover the secret inputs to the encryption key generator through cryptographic analysis or brute force trial-and-error attacks. Further, the handshake protocol between the originating system and the answering system requires that only system identifiers be exchanged over a network in cleartext, and protects the encryption key generator, the system passwords, the encryption key, and the change value from public exposure. In addition, system IDs may be altered upon the completion of a system connection, or by request of one system to the other, to provide a further protection against playback impersonation by a would-be attacker.